China warns against ‘defamation’ over Microsoft SharePoint hack

400 victims fall prey to vulnerabilities in SharePoint server software

  • Beijing emphasises two key points: adherence to lawful conduct against hacker activities and opposition to the politicisation of cybersecurity incidents to malign the country’s reputation
  • Microsoft has been actively coordinating with key cybersecurity partners, including the Department of Defense’s Cyber Defense Command and global cyber defense organisations, to mitigate the ongoing threat.

The Chinese government has issued a formal warning against the use of security flaws in Microsoft’s software as a tool to defame the country.

The attacks in question involved three hacker groups identified by Microsoft, two of which are alleged to operate on behalf of the Chinese state.

These attacks exploited a previously unknown vulnerability in Microsoft’s on-premises SharePoint Server software, a document-sharing and collaboration platform widely used by corporations and government agencies.

The Chinese government, through Foreign Ministry spokesman Guo Jiakun, expressed an official stance emphasising two key points: adherence to lawful conduct against hacker activities and opposition to the politicisation of cybersecurity incidents to malign China’s reputation.

This position suggests a dual approach of condemning cybercrime while pushing back against international narratives that may prematurely or unfairly implicate China.

Such previously unknown flaws, known as “zero-day” vulnerabilities, are highly sought after by intelligence agencies because exploits for them work against fully patched systems, enabling covert data theft, credential harvesting, and unauthorised system access before defenders are aware of the weakness.

Persistent challenges

The discovery and subsequent exploitation of this vulnerability underscore the persistent challenges faced by software developers and cybersecurity professionals in safeguarding digital infrastructure.

In response, Microsoft acted swiftly to release security updates to mitigate the vulnerability and protect affected systems.

Exploitation of the SharePoint Server vulnerabilities has compromised approximately 400 organisations worldwide, a figure significantly higher than the initial count of roughly 100 documented over the preceding weekend.

Researchers at the Netherlands-based Eye Security disclosed these findings, cautioning that the current estimate likely underrepresents the full scope of the breach. This sophisticated campaign underscores the emerging and persistent threat posed by state-sponsored cyber attackers, particularly those linked to China.

The primary actors named by Microsoft include the groups Linen Typhoon and Violet Typhoon, which the company has been monitoring for years due to their targeting of entities connected to government, defense, human rights, education, media, financial, and health sectors across the United States, Europe, and East Asia.

Another suspected participant, dubbed Storm-2603, was attributed with “medium confidence” to Chinese origin, suggesting a coordinated campaign by multiple threat actor groups.

Further defensive measures needed

The US Cybersecurity and Infrastructure Security Agency (CISA) confirmed awareness of the intrusion and notified critical infrastructure organisations potentially affected by the breach.

CISA emphasised that the SharePoint vulnerabilities allowed malicious actors to gain full access to SharePoint content and the underlying file system, to read internal configuration, and to execute code remotely on the server, posing severe risks to affected entities.

Microsoft has been actively coordinating with key cybersecurity partners, including the Department of Defense’s Cyber Defense Command and global cyber defense organisations, to mitigate the ongoing threat.

Notably, cybersecurity analysts have raised alarms about the extent of the compromise. Eye Security’s comprehensive scanning of over 23,000 SharePoint servers revealed that more than 400 systems were actively exploited.

Because these breaches could permit attackers to extract the servers’ cryptographic keys, the keys used to sign and validate authentication and state tokens, the intruders can retain access and impersonate users even after the security updates are installed. Patching alone is therefore not sufficient: affected organisations also need to rotate those keys and hunt for any persistence the attackers left behind.
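As an added example, not code from the article or from Microsoft’s own guidance, the following PowerShell shows the kind of post-patch measure the previous paragraph implies. It assumes that the keys in question are the ASP.NET machine keys SharePoint uses to sign and validate tokens, that it is run in an elevated SharePoint Management Shell on a server in the farm, and that the farm’s SharePoint version provides the `Update-SPMachineKey` cmdlet (an assumption; older releases may lack it). It rotates the keys for every web application and then restarts IIS so the running worker processes pick up the new keys.

```powershell
# Added example: rotate ASP.NET machine keys on every SharePoint web application
# after patching, so that keys stolen before the patch no longer validate tokens.
# Assumes a SharePoint Server farm whose PowerShell snap-in provides
# Update-SPMachineKey (availability depends on the SharePoint version).
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$webApps = Get-SPWebApplication
foreach ($wa in $webApps) {
    Write-Host ("Rotating machine key for {0}" -f $wa.Url)
    # Generates new validation/decryption keys for this web application and
    # applies them across the farm.
    Update-SPMachineKey -WebApplication $wa
}

# Restart IIS on this server so worker processes load the new keys.
# Repeat the iisreset on every SharePoint server in the farm.
iisreset.exe
```

Rotation invalidates tokens signed with the stolen keys, which is the point of doing it after the update rather than before: rotating first and patching later would leave the attacker free to extract the new keys through the same flaw. It does not remove web shells or other persistence already planted on the server, which still has to be hunted separately.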

Discover more from TechChannel News